Why we made this change

Visitors are allowed 3 free articles per month (without a subscription), and private browsing prevents us from counting how many stories you've read. We hope you understand, and consider subscribing for unlimited online access.

A cyber-skills shortage means students are being recruited to fight off hackers

Students with little or no cybersecurity knowledge are being paired with easy-to-use AI software that lets them protect their campus from attack.

There aren’t enough cybersecurity workers out there—and things are getting worse. According to one estimate, by 2021 an estimated 3.5 million cybersecurity jobs will be unfilled. And of the candidates who apply, fewer than one in four are even qualified.

That’s why many large corporations are investing in longer-term solutions like mobile training trucks and apprenticeship programs. But the Texas A&M University System has found a way to solve its labor shortage in the short term. It’s pairing student security beginners with AI software.

The college’s Security Operations Center deals with about a million attempts to hack the university system each month. While the center does have some full-time employees, the majority of its security force is made up of students. Ten students currently work alongside AI software to detect, monitor, and remediate the threats.

This setup both trains students for roles at other companies and serves as cheap cybersecurity staff for the college. And unlike many other organizations, Texas A&M is having no trouble filling the positions. “We have never posted a job,” says Daniel Basile, executive director of the Security Operations Center. “All of [the students] have heard about us through side channels.”

The Texas A&M University System | YouTube

When the students come in for the day, they’re presented with a whiteboard displaying different areas of the university, noting how many potential threats each is facing. The AI has already pulled out these “events” and helped to prioritize them. The students then look at each abnormality and check to see if it looks like suspicious activity. They do so by comparing them with past attacks, looking at things like IP addresses, and analyzing data provided by the software. “We try the best we can to get all agencies to zero alerts,” says student security analyst Jennifer Allen. “Then if we do, we do a second review to look at what people may have missed.”

Sign up for Clocking In

A daily look at the workplace of the future

Thank you — please check your email to complete your sign up.

Incorrect email format

By signing up you agree to receive email newsletters and
notifications from MIT Technology Review. You can change your preferences at any time. View our
Privacy Policy for more detail.

And while that additional look may seem like overkill, Allen says one of her proudest moments actually came during a secondary review. She identified a large amount of data being moved across the school network as illicit BitTorrent activity.

Benjamin Cervantes, a senior majoring in technology management, came to work at the center a year and a half ago with the hope of getting experience to prepare him for a cybersecurity role in the military. Before starting this job, he was working at a local auto repair shop to help pay for university. Now, instead of working on cars, he supports his schooling by using his coding skills 20 to 30 hours a week to analyze threats and work on AI software that can further automate the process of dealing with them.

40%

of security executives said the skills shortage was causing high rates of burnout and turnover.

But just attracting people to work in cybersecurity isn’t the whole challenge. A recent survey found that almost 40% of security executives said the skills shortage was causing high rates of burnout and turnover (see “Cybersecurity’s insidious new threat: workforce stress”). “No matter how much revenue you have, you can’t find the people,” says Hitesh Sheth, CEO of Vectra, which makes the AI software the university uses. “People leave in 12 months because someone else will give them a 30% bump in pay.”

Courtesy of Texas A&M cybersecurity threat center

This article first appeared in Clocking In, our newsletter covering the impact of emerging technology on the future of work. Sign up here—it’s free!

The Security Operations Center isn’t immune to the stress issue but attempts to combat it with sheer quantity of workers. “We’re all looking through thousands of threats,” says Cervantes. “It does get a little frustrating, but because there are so many [students], we can keep up with the numbers and do some side projects and training to prevent that burnout.”

AI serves as a crutch to help even inexperienced students begin to evaluate threats quickly. For now, the software just detects anomalies and provides some context. But it can’t act upon its findings, making humans a necessity for dealing with threats. “Looking ahead, I think we’ll get to the point where the software will become predictive, sense very early stages of attack, and act to contain the attack,” says Sheth.

But increased adoption of artificial intelligence for mitigating attacks could be a dangerous gamble. Hackers can learn to circumvent security algorithms and attempt to contaminate training data. Therefore, automation isn’t the only answer. Humans have an important role to play as well. And they are desperately needed.

Keep up with the latest in cyber security at EmTech Digital.Don't be left behind.

Share

Tagged

I am the associate editor of the future of work at MIT Technology Review. I am particularly interested in automation and advanced manufacturing, spurring from my background in mechanical engineering. I produce our future of work e-mail… More newsletter, Clocking In, which takes a daily look at how technology is impacting the workplace. Before joining the publication I worked as a freelance science writer, founded the 3-D printing company Sci Chic, and interned at the Economist. Get in touch at erin.winick@technologyreview.com.

You've read
of three
free articles this month.
Subscribe now for unlimited online access.
You've read
of three
free articles this month.
Subscribe now for unlimited online access.
This is your last free article this month.
Subscribe now for unlimited online access.
You've read all your free articles this month.
Subscribe now for unlimited online access.
You've read
of three
free articles this month.
Log in for more, or subscribe now for unlimited online access.
Log in for two more free articles, or subscribe now
for unlimited online access.